The IRA Financial Trust (IRA) is suing Gemini over the February 2022 hack that resulted in the theft of $36 million from IRA customers' accounts at the cryptocurrency exchange. According to a press release, IRA, a U.S. platform for self-directed retirement and pension accounts, claims in the lawsuit that Gemini "did not have proper safeguards in place to protect customer crypto assets" and "failed to freeze accounts within a sufficient [time-frame]" after IRA alerted Gemini to the theft. Gemini is a New York-based cryptocurrency exchange co-founded by Tyler and Cameron Winklevoss, and it is now one of the most popular exchanges in the United States.
According to IRA, Gemini insisted on using Gemini's application programming interface (API) to streamline customer onboarding while failing to disclose to IRA that the API contained a single point of failure, namely a master account controlled by a master key under which "all of Gemini's IRA customers were sub-account holders."
According to the lawsuit, the criminals allegedly obtained the master key from unencrypted emails between Gemini and IRA. To divert IRA employees' attention away from the heist, the hackers may have falsely reported a kidnapping at IRA's South Dakota offices to the police department (which then dispatched a SWAT squad to the scene). They then combined the funds from all sub-accounts before withdrawing the total amount using the master key. Gemini's anti-fraud systems did not detect the transfers. According to IRA, the proceeds from the lawsuit against Gemini will be used to reimburse IRA customers.
This is the second lawsuit filed against Gemini in less than a week. The Commodity Futures Trading Commission (CFTC) is also suing Gemini for making false or misleading representations during an evaluation in 2017 about its plans for a Bitcoin futures product.